jwt in query key
I have endpoints (they happen to subscriptions over WebSocket via https://docs.convex.dev/client/tanstack-query) that have a JWT as inputs. I think I want to add the JWT as another element in my query keys, although I'll use some hash-like function that takes just the pieces I think matter about the JWT (just things like subject, ignoring things like expiration tiem) and stuff them in the query key array.
Is there a standard approach here? I think this JWT hash will go at the end of the query key, does that sound right? It's be something like
${claims.subject}-${hash(claims)}.5 Replies
frail-apricot•10mo ago
I've only seen the basic example of JWT's being used in the
Authorization header, but if it's in your query key, I imagion your endpoint is using it in the GET query params/POST http body. Am I correct on that or am I missing something?
And becauses it's a JWT I guess it's important that it's signed right?harsh-harlequinOP•10mo ago
It's not actually an HTTP request but yeah, imagine it's in the Authorization header or the query params or body. Any of these places seems like it belongs in the query key.
frail-apricot•10mo ago
I've usually not seen auth state in query keys, just because it's like one level above react query in a protected web app
Like, if a request returns a 401, just logout anyway (and maybe reset the queryClient on the way out)
but anything in query and body params shoud be in the key
Oh yeah, it's websockets rather then http thanks. this is for the default query function that the convex tanstack query intergration provides?
frail-apricot•10mo ago
frail-apricot•10mo ago
This does feel like one of those cases where if it works it works, query isn't that opinonated after all.